2024, Penetration Testing and Risk - Cyber Security Informer

Millions of Routers at Risk: CVE-2024-21833 Threatens TP-Link Devices

Penetration Testing

FEBRUARY 1, 2024

Recently, CYFIRMA’s Research Team has conducted an exhaustive analysis of a security vulnerability, identified as CVE-2024-21833, that poses a significant risk to TP-Link Routers.

Penetration Testing

Penetration Testing Risk

Laravel Framework Hit by Data Exposure Vulnerability (CVE-2024-29291) – Database Credentials at Risk

Penetration Testing

APRIL 21, 2024

This flaw, designated CVE-2024-29291, affects versions 8.* of... The post Laravel Framework Hit by Data Exposure Vulnerability (CVE-2024-29291) – Database Credentials at Risk appeared first on Penetration Testing. through 11.*

Penetration Testing

Penetration Testing Risk Data breaches

ClamAV Issues Urgent Patch for High-Risk DoS Vulnerability CVE-2024-20380

Penetration Testing

APRIL 18, 2024

The patches address a high-severity vulnerability, designated CVE-2024-20380 (CVSS 7.5), that could allow unauthenticated, remote attackers to crash ClamAV... The post ClamAV Issues Urgent Patch for High-Risk DoS Vulnerability CVE-2024-20380 appeared first on Penetration Testing.

Penetration Testing

Penetration Testing Risk Antivirus Software

New R Vulnerability CVE-2024-27322: Code Execution Risk in Data Files

Penetration Testing

APRIL 29, 2024

Researchers from HiddenLayer have discovered a significant vulnerability in the R programming language, tracked as CVE-2024-27322, that exposes users to arbitrary code execution through deserialized data.

Penetration Testing

Penetration Testing Risk

CVE-2024-0819: TeamViewer’s Security Flaw Risks Password Safety

Penetration Testing

FEBRUARY 27, 2024

A recently discovered security hole (CVE-2024-0819) in older TeamViewer versions (prior to 15.51.5) could have put your personal password and system security at risk.

Passwords

Passwords Risk Penetration Testing

CVE-2024-25065 & CVE-2024-23946: Critical Vulnerabilities Exposed in Apache OFBiz

Penetration Testing

FEBRUARY 28, 2024

Two critical vulnerabilities (CVE-2024-25065, CVE-2024-23946) have been discovered that put a wide range of businesses at risk. Decoding the Vulnerabilities... The post CVE-2024-25065 & CVE-2024-23946: Critical Vulnerabilities Exposed in Apache OFBiz appeared first on Penetration Testing.

Penetration Testing

Penetration Testing Risk

CVE-2024-29745 & CVE-2024-29748: Critical Google Pixel Flaws Exploited – Update Immediately

Penetration Testing

APRIL 3, 2024

Google has revealed in their April 2024 Pixel Update Bulletin that several serious security flaws could be putting your Pixel device at risk.

Penetration Testing

Penetration Testing Risk

CVE-2024-29201 & CVE-2024-29202 Flaws Expose JumpServer Users to RCE Attacks

Penetration Testing

APRIL 1, 2024

JumpServer, a popular open-source bastion host system, has recently been found to contain two critical vulnerabilities (CVE-2024-29201 and CVE-2024-29202) that could allow attackers to execute arbitrary code remotely.

Penetration Testing

Penetration Testing Risk

CVE-2024-27790: FileMaker Server Vulnerability Patched, Data Access Risk Addressed

Penetration Testing

APRIL 30, 2024

The vulnerability, tracked as CVE-2024-27790, has been... The post CVE-2024-27790: FileMaker Server Vulnerability Patched, Data Access Risk Addressed appeared first on Penetration Testing.

Penetration Testing

Penetration Testing Risk Software

CVE-2024-24401 & 24402: Nagios XI Security Flaws Found! PoC Published

Penetration Testing

FEBRUARY 26, 2024

Two security vulnerabilities (CVE-2024-24401 and CVE-2024-24402) have been identified in Nagios XI, a widely used enterprise-grade monitoring tool. These flaws pose significant risks for organizations utilizing the software. Nagios XI... The post CVE-2024-24401 & 24402: Nagios XI Security Flaws Found!

Penetration Testing

Penetration Testing Software Risk

CVE-2024-12912 & CVE-2024-13062: ASUS Routers at Risk

Penetration Testing

JANUARY 2, 2025

Two flaws, tracked The post CVE-2024-12912 & CVE-2024-13062: ASUS Routers at Risk appeared first on Cybersecurity News. ASUS has issued a security advisory warning users of critical vulnerabilities affecting several router models.

Risk

Risk Cybersecurity

Over 200,000 Sites at Risk: Directory Traversal CVE-2024-0221 Vulnerability Hits Photo Gallery Plugin

Penetration Testing

JANUARY 24, 2024

Photo Gallery is the leading... The post Over 200,000 Sites at Risk: Directory Traversal CVE-2024-0221 Vulnerability Hits Photo Gallery Plugin appeared first on Penetration Testing. The affected plugin, Photo Gallery by 10Web – Mobile-Friendly Image Gallery, has over 200,000 active installations.

Penetration Testing

Penetration Testing Risk Mobile

Canon Printers: Critical CVE-2024-2184 (CVSS 9.8) Flaw Requires Immediate Firmware Update

Penetration Testing

MARCH 8, 2024

Canon has released a security bulletin addressing a buffer overflow vulnerability (CVE-2024-2184, CVSS 9.8) Risk Assessment If an affected... The post Canon Printers: Critical CVE-2024-2184 (CVSS 9.8) Flaw Requires Immediate Firmware Update appeared first on Penetration Testing.

Firmware

Firmware Penetration Testing Risk

CVE-2024-4040: CrushFTP Users Targeted in Zero-Day Attack Campaign

Penetration Testing

APRIL 22, 2024

This zero-day flaw, identified as CVE-2024-4040 with a CVSS score of 7.7, poses a severe risk to organizations... The post CVE-2024-4040: CrushFTP Users Targeted in Zero-Day Attack Campaign appeared first on Penetration Testing.

Penetration Testing

Penetration Testing Software Risk

CVE-2024-25600: WordPress’s Bricks Builder RCE Flaw Under Attack

Penetration Testing

FEBRUARY 19, 2024

A critical remote code execution (RCE) vulnerability (CVE-2024-25600, CVSS 9.8) This vulnerability is actively being exploited, rendering affected websites at significant risk.... ... The post CVE-2024-25600: WordPress’s Bricks Builder RCE Flaw Under Attack appeared first on Penetration Testing.

Penetration Testing

Penetration Testing Risk

CVE-2024-27307: Critical Flaw in Popular JSONata Library Could Lead to Code Execution

Penetration Testing

MARCH 14, 2024

This vulnerability, designated as CVE-2024-27307, poses a serious security risk and could allow attackers... The post CVE-2024-27307: Critical Flaw in Popular JSONata Library Could Lead to Code Execution appeared first on Penetration Testing.

Penetration Testing

Penetration Testing Risk

Apple Shortcuts Vulnerability (CVE-2024-23204): Technical Analysis and Mitigation

Penetration Testing

FEBRUARY 22, 2024

A patched vulnerability within Apple’s Shortcuts automation framework presents a substantial risk to macOS and iOS devices.

Penetration Testing

Penetration Testing Risk

CVE-2024-21899 (CVSS 9.8): Critical QNAP Flaw Opens Door to Hackers

Penetration Testing

MARCH 8, 2024

What’s the Risk? The... The post CVE-2024-21899 (CVSS 9.8): Critical QNAP Flaw Opens Door to Hackers appeared first on Penetration Testing. These vulnerabilities, if left unaddressed, could provide attackers with various avenues for compromising affected devices.

Penetration Testing

Penetration Testing Software Risk Authentication

CVE-2024-2044: pgAdmin Remote Code Execution Vulnerability

Penetration Testing

MARCH 7, 2024

A recently patched vulnerability (CVE-2024-2044) in pgAdmin, the widely-used PostgreSQL administration tool, highlights the ever-present risks of unsafe data deserialization and insufficient input validation.

Penetration Testing

Penetration Testing Risk

CVE-2024-8698: Keycloak Vulnerability Puts SAML Authentication at Risk

Penetration Testing

SEPTEMBER 22, 2024

Tracked as CVE-2024-8698,... The post CVE-2024-8698: Keycloak Vulnerability Puts SAML Authentication at Risk appeared first on Cybersecurity News.

Authentication

Authentication Risk Cybersecurity

CVE-2024-28085: Critical ‘WallEscape’ Flaw Discovered in Linux Utilities Package – Passwords at Risk

Penetration Testing

MARCH 27, 2024

A serious security vulnerability, dubbed “WallEscape” (CVE-2024-28085), has been uncovered in the essential Linux system utilities package, util-linux.

Passwords

Passwords Penetration Testing Risk

VuFind Libraries Face Critical Vulnerabilities – CVE-2024-25737 & CVE-2024-25738

Penetration Testing

MAY 26, 2024

VuFind, the widely used open-source library discovery platform, has issued an urgent security advisory, disclosing two critical vulnerabilities that could expose libraries and their users to serious risks.

Penetration Testing

Penetration Testing Risk

CVE-2024-8105: An UEFI Flaw Putting Millions of Devices at Risk

Penetration Testing

SEPTEMBER 2, 2024

A significant vulnerability, CVE-2024-8105, dubbed PKfail, has surfaced within the UEFI ecosystem. this flaw exposes critical UEFI security mechanisms to compromise, making systems vulnerable... The post CVE-2024-8105: An UEFI Flaw Putting Millions of Devices at Risk appeared first on Cybersecurity News.

Risk

Risk Cybersecurity

CVE-2024-2048: HashiCorp’s Vault Vulnerability Puts Secrets at Risk

Penetration Testing

MARCH 5, 2024

HashiCorp’s Vault, a popular tool for securely managing sensitive data, contains a vulnerability (CVE-2024-2048, CVSS 8.1) Understanding... The post CVE-2024-2048: HashiCorp’s Vault Vulnerability Puts Secrets at Risk appeared first on Penetration Testing.

Penetration Testing

Penetration Testing Risk Authentication

CVE-2024-29212: Veeam RCE Vulnerability Exposes Data Protection Services to Risk

Penetration Testing

MAY 7, 2024

This flaw (CVE-2024-29212) opens a door... The post CVE-2024-29212: Veeam RCE Vulnerability Exposes Data Protection Services to Risk appeared first on Penetration Testing.

Penetration Testing

Penetration Testing Risk Backups

CVE-2024-8353 (CVSS 10): Critical GiveWP Flaw, 100k WordPress Sites at Risk

Penetration Testing

SEPTEMBER 29, 2024

The flaw, tracked as CVE-2024-8353... The post CVE-2024-8353 (CVSS 10): Critical GiveWP Flaw, 100k WordPress Sites at Risk appeared first on Cybersecurity News.

Risk

Risk Cybersecurity

CVE-2024-26808: PoC Exploit Shows Local Privilege Escalation Risk in Linux

Penetration Testing

SEPTEMBER 29, 2024

In a significant development for the cybersecurity community, researchers have published technical details and a proof-of-concept (PoC) exploit for a newly identified vulnerability in the Linux kernel, designated as CVE-2024-26808....

Risk

Risk Cybersecurity

CVE-2024-1086: Critical Linux Kernel Flaw Demands Immediate Patching, PoC Published!

Penetration Testing

MARCH 26, 2024

The technical details and proof-of-concept (PoC) exploit code for a severe vulnerability in the Linux kernel (CVE-2024-1086) have been exposed, putting countless systems at risk. on the CVSS scale,... The post CVE-2024-1086: Critical Linux Kernel Flaw Demands Immediate Patching, PoC Published! This flaw, rated a 7.8

Penetration Testing

Penetration Testing Risk

Google Chrome Update Patches High-Risk Vulnerabilities

Penetration Testing

MARCH 26, 2024

Critical Vulnerability and Large Payout CVE-2024-2883: Use after... The post Google Chrome Update Patches High-Risk Vulnerabilities appeared first on Penetration Testing. Google has released an important security update for its Chrome browser (version 123.0.6312.86/.87),

Penetration Testing

Penetration Testing Risk

Linux Kernel Flaw CVE-2024-0193 Opens Root Access

Penetration Testing

JANUARY 8, 2024

A recently disclosed security flaw, identified as CVE-2024-0193, poses a significant risk to systems relying on this widely used... The post Linux Kernel Flaw CVE-2024-0193 Opens Root Access appeared first on Penetration Testing.

Penetration Testing

Penetration Testing Risk

Root Access Risk: Cisco Unity Connection’s CVE-2024-20272 Security Breach

Penetration Testing

JANUARY 10, 2024

Identified as CVE-2024-20272, this vulnerability allows unauthenticated attackers could gain root privileges on unpatched devices. Cisco Unity Connection lets users access and... The post Root Access Risk: Cisco Unity Connection’s CVE-2024-20272 Security Breach appeared first on Penetration Testing.

Penetration Testing

Penetration Testing Risk Software

CVE-2024-21512: MySQL2 Vulnerability Puts Millions of Downloads at Risk

Penetration Testing

JUNE 3, 2024

with over 2 million monthly downloads, has been found to contain a severe security vulnerability that could leave countless applications at risk. Tracked as CVE-2024-21512 and... The post CVE-2024-21512: MySQL2 Vulnerability Puts Millions of Downloads at Risk appeared first on Penetration Testing.

Penetration Testing

Penetration Testing Risk

Unpatched Epson Devices at Risk: CVE-2024-47295 Allows Easy Hijacking

Penetration Testing

NOVEMBER 11, 2024

A newly discovered security vulnerability, CVE-2024-47295, affecting multiple SEIKO EPSON products, could allow attackers to take control of devices with administrative privileges.

Risk

Risk Passwords Cybersecurity

CVE-2024-49576 and CVE-2024-47810: Foxit Addresses Remote Code Execution Flaws

Penetration Testing

DECEMBER 19, 2024

resolves multiple vulnerabilities that pose significant risks, including... The post CVE-2024-49576 and CVE-2024-47810: Foxit Addresses Remote Code Execution Flaws appeared first on Cybersecurity News. Foxit has released a crucial security update for its widely used Foxit PDF Reader and Foxit PDF Editor.

Risk

Risk Cybersecurity

CVE-2024-24576 (CVSS 10): Rust Flaw Exposes Windows Systems to Command Injection Attacks

Penetration Testing

APRIL 9, 2024

A critical vulnerability in the Rust standard library has been uncovered, exposing Windows-based systems to the risk of arbitrary code execution.

Penetration Testing

Penetration Testing Risk

CVE-2024-1933: TeamViewer Bug Exposes macOS Users: Update Immediately!

Penetration Testing

MARCH 26, 2024

A security vulnerability in TeamViewer has been uncovered, putting macOS users of older versions at significant risk. This “symlink” flaw could allow attackers to elevate their privileges on a target machine and potentially cause... The post CVE-2024-1933: TeamViewer Bug Exposes macOS Users: Update Immediately!

Penetration Testing

Penetration Testing Risk

LibreNMS Vulnerability (CVE-2024-51092): Mitigating the Risk of Server Compromise

Penetration Testing

NOVEMBER 18, 2024

A recent security advisory from the LibreNMS project has revealed a severe vulnerability (CVE-2024-51092) affecting versions up to 24.9.1 The flaw, rated a critical... The post LibreNMS Vulnerability (CVE-2024-51092): Mitigating the Risk of Server Compromise appeared first on Cybersecurity News.

Risk

Risk Cybersecurity

CVE-2024-6376 (CVSS 9.8) in MongoDB Compass Exposes Systems to Code Injection Risks

Penetration Testing

JULY 5, 2024

This tool, known for its robust capabilities and cross-platform... The post CVE-2024-6376 (CVSS 9.8) in MongoDB Compass Exposes Systems to Code Injection Risks appeared first on Cybersecurity News.

Risk

Risk Cybersecurity

Ecommerce Alert: Shopware Hit by Critical-Risk CVE-2024-22406 Flaw

Penetration Testing

JANUARY 17, 2024

A critical flaw, identified as CVE-2024-22406 with a CVSS score... The post Ecommerce Alert: Shopware Hit by Critical-Risk CVE-2024-22406 Flaw appeared first on Penetration Testing.

eCommerce

eCommerce Penetration Testing Risk Cybersecurity

CVE-2024-40725 & CVE-2024-40898: Apache HTTP Server Flaws Put Millions of Websites at Risk

Penetration Testing

JULY 17, 2024

The Apache Software Foundation has issued a security advisory regarding two critical vulnerabilities, CVE-2024-40725 and CVE-2024-40898, affecting Apache HTTP Server versions 2.4.0 through 2.4.61.

Risk

Risk Software Cybersecurity

CVE-2024-40767: OpenStack Nova Vulnerability Exposes Cloud Servers to Data Theft Risk

Penetration Testing

JULY 25, 2024

A critical vulnerability (CVE-2024-40767) has been discovered in OpenStack Nova, the open-source cloud computing platform’s core component for managing virtual servers.

Risk

Risk Cybersecurity

CVE-2024-22416: Exposing pyLoad’s High-Risk CSRF Vulnerability

Penetration Testing

JANUARY 21, 2024

In the interconnected realm of modern technology, where devices ranging from NAS systems to next-gen routers and headless home servers become the backbone of our digital lives, the software that powers them is of... The post CVE-2024-22416: Exposing pyLoad’s High-Risk CSRF Vulnerability appeared first on Penetration Testing.

Penetration Testing

Penetration Testing Risk Technology Software

166k+ Projects at Risk: AutoGPT’s Critical Vulnerability Explained – CVE-2024-6091 (CVSS 9.8)

Penetration Testing

SEPTEMBER 16, 2024

With over 166k stars on GitHub, AutoGPT has gained popularity... The post 166k+ Projects at Risk: AutoGPT’s Critical Vulnerability Explained – CVE-2024-6091 (CVSS 9.8) A significant security vulnerability has been discovered in AutoGPT, a powerful AI tool designed to automate tasks through intelligent agents.

Risk

Risk Cybersecurity

CVE-2024-25089: RCE Risk in Malwarebytes Binisoft Windows Firewall Control

Penetration Testing

FEBRUARY 4, 2024

These vulnerabilities tracked as CVE-2024-25089 and CVE-2023-36631, pose significant risks... The post CVE-2024-25089: RCE Risk in Malwarebytes Binisoft Windows Firewall Control appeared first on Penetration Testing.

Firewall

Firewall Penetration Testing Risk

Millions of Routers at Risk: CVE-2024-21833 Threatens TP-Link Devices

Laravel Framework Hit by Data Exposure Vulnerability (CVE-2024-29291) – Database Credentials at Risk

Trending Sources

ClamAV Issues Urgent Patch for High-Risk DoS Vulnerability CVE-2024-20380

New R Vulnerability CVE-2024-27322: Code Execution Risk in Data Files

CVE-2024-0819: TeamViewer’s Security Flaw Risks Password Safety

CVE-2024-25065 & CVE-2024-23946: Critical Vulnerabilities Exposed in Apache OFBiz

CVE-2024-29745 & CVE-2024-29748: Critical Google Pixel Flaws Exploited – Update Immediately

CVE-2024-29201 & CVE-2024-29202 Flaws Expose JumpServer Users to RCE Attacks

CVE-2024-27790: FileMaker Server Vulnerability Patched, Data Access Risk Addressed

CVE-2024-24401 & 24402: Nagios XI Security Flaws Found! PoC Published

CVE-2024-12912 & CVE-2024-13062: ASUS Routers at Risk

Over 200,000 Sites at Risk: Directory Traversal CVE-2024-0221 Vulnerability Hits Photo Gallery Plugin

Canon Printers: Critical CVE-2024-2184 (CVSS 9.8) Flaw Requires Immediate Firmware Update

CVE-2024-4040: CrushFTP Users Targeted in Zero-Day Attack Campaign

CVE-2024-25600: WordPress’s Bricks Builder RCE Flaw Under Attack

CVE-2024-27307: Critical Flaw in Popular JSONata Library Could Lead to Code Execution

Apple Shortcuts Vulnerability (CVE-2024-23204): Technical Analysis and Mitigation

CVE-2024-21899 (CVSS 9.8): Critical QNAP Flaw Opens Door to Hackers

CVE-2024-2044: pgAdmin Remote Code Execution Vulnerability

CVE-2024-8698: Keycloak Vulnerability Puts SAML Authentication at Risk

CVE-2024-28085: Critical ‘WallEscape’ Flaw Discovered in Linux Utilities Package – Passwords at Risk

VuFind Libraries Face Critical Vulnerabilities – CVE-2024-25737 & CVE-2024-25738

CVE-2024-8105: An UEFI Flaw Putting Millions of Devices at Risk

CVE-2024-2048: HashiCorp’s Vault Vulnerability Puts Secrets at Risk

CVE-2024-29212: Veeam RCE Vulnerability Exposes Data Protection Services to Risk

CVE-2024-8353 (CVSS 10): Critical GiveWP Flaw, 100k WordPress Sites at Risk

CVE-2024-26808: PoC Exploit Shows Local Privilege Escalation Risk in Linux

CVE-2024-1086: Critical Linux Kernel Flaw Demands Immediate Patching, PoC Published!

Google Chrome Update Patches High-Risk Vulnerabilities

Linux Kernel Flaw CVE-2024-0193 Opens Root Access

Root Access Risk: Cisco Unity Connection’s CVE-2024-20272 Security Breach

CVE-2024-21512: MySQL2 Vulnerability Puts Millions of Downloads at Risk

Unpatched Epson Devices at Risk: CVE-2024-47295 Allows Easy Hijacking

CVE-2024-49576 and CVE-2024-47810: Foxit Addresses Remote Code Execution Flaws

CVE-2024-24576 (CVSS 10): Rust Flaw Exposes Windows Systems to Command Injection Attacks

CVE-2024-1933: TeamViewer Bug Exposes macOS Users: Update Immediately!

LibreNMS Vulnerability (CVE-2024-51092): Mitigating the Risk of Server Compromise

CVE-2024-6376 (CVSS 9.8) in MongoDB Compass Exposes Systems to Code Injection Risks

Ecommerce Alert: Shopware Hit by Critical-Risk CVE-2024-22406 Flaw

CVE-2024-40725 & CVE-2024-40898: Apache HTTP Server Flaws Put Millions of Websites at Risk

CVE-2024-40767: OpenStack Nova Vulnerability Exposes Cloud Servers to Data Theft Risk

CVE-2024-22416: Exposing pyLoad’s High-Risk CSRF Vulnerability

166k+ Projects at Risk: AutoGPT’s Critical Vulnerability Explained – CVE-2024-6091 (CVSS 9.8)

CVE-2024-25089: RCE Risk in Malwarebytes Binisoft Windows Firewall Control

Stay Connected